CVE-2026-1498
Unknown Unknown - Not Provided
LDAP Injection in WatchGuard Fireware OS Allows Sensitive Data Access

Publication date: 2026-01-30

Last updated on: 2026-01-30

Assigner: WatchGuard Technologies, Inc.

Description
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase.This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-30
Last Modified
2026-01-30
Generated
2026-06-16
AI Q&A
2026-01-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1498
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
watchguard fireware_os From 12.0 (inc) to 12.11.6 (inc)
watchguard fireware_os From 12.5 (inc) to 12.5.15 (inc)
watchguard fireware_os From 2025.1 (inc) to 2026.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-90 The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1498 is an LDAP Injection vulnerability in WatchGuard Fireware OS that allows a remote unauthenticated attacker to exploit an exposed authentication or management web interface to retrieve sensitive information from a connected LDAP authentication server. Additionally, if the attacker has a valid user's passphrase, they can authenticate as that LDAP user using only a partial identifier. [1]

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information from the LDAP authentication server. It also allows an attacker with a valid user's passphrase to impersonate that user by authenticating with only a partial identifier, potentially leading to unauthorized access to systems and data. [1]

Mitigation Strategies

To mitigate the CVE-2026-1498 LDAP Injection vulnerability in WatchGuard Fireware OS, you should update your Fireware OS to version 12.11.7 if you are using the 12.x branch, or to version 2026.1 if you are using the 2025.1 branch. No workaround is available, so applying these updates is the immediate and recommended step to resolve the issue. [1]

Compliance Impact

This vulnerability allows remote unauthenticated attackers to retrieve sensitive information from an LDAP authentication server, which could lead to unauthorized access to personal or protected data. Such unauthorized data exposure and access could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information and preventing unauthorized access. However, no specific compliance impact details are provided in the resources. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1498. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart